Is there a story we should be doing? Do you have information about corruption, mismanagement, or other misdeeds in Canada that the public should know about?
Below are several ways to reach us, including confidential channels that use the latest security practices. Please be as specific as possible in your tips: who is being harmed and who is doing the harming? Why does it matter? Is it part of a bigger problem or is it an isolated case? What kind of proof do you have?
Please include evidence (documents, audio, video, images, data) if possible.
For extra privacy, don’t use a computer, account, or internet connection associated with your workplace to contact use.
Please do not use these channels for audience feedback, freelance pitches, or PR materials.
Although email is the easiest way to reach us, it’s not private. Your email provider (and ours) will have a record of your communication with us, including the contents. Think of an email like a postcard. If you’re okay with that, we welcome tips at [email protected].
If you want to reach us by email and don’t have a suitable email address, Protonmail is a good free email provider that you can use. However, it won’t make you anonymous.
PGP
A more secure way to send email is to encrypt the contents using PGP. This doesn’t disguise the fact that you are sending an email to us, so it’s not fully anonymous.
It’s also complicated to set up, even for technical people. We suggest using one of the contact methods below. If you want to use PGP, here are guides for Windows, Mac and Linux. If you use Gmail, PGP can be easily added using FlowCrypt.
Send your PGP-encrypted email to [email protected].
PGP fingerprint: CAC7 B29B B0DC C956 AB6B 3301 567B EBCF BF4C 6E3F
Signal
Signal is a free, secure messaging app on iOS and Android. It uses end-to-end encryption and does not store user data, so the contents and recipient of your message are kept secret—even from Signal itself.
To be extra safe, don’t save our number in your phone’s contact list, just type it into Signal directly when you want to message us. Consider using a secondary phone number to reach us if you don’t want your message to be associated with your personal number. Here’s a guide on using Signal with a secondary number. And here’s one on how to make your use of Signal as secure as possible.
Contact us on Signal with this number: (604) 396-4699
WhatsApp is a free, widely-used messaging service offered by Meta, Facebook’s parent company. Although messages are encrypted, user information can be collected by Meta, and messaging us on WhatsApp will leave a metadata trail linking your account and ours. It’s also easy to accidentally backup messages onto cloud services like Google Drive. Be mindful of these risks when using WhatsApp.
Contact us on WhatsApp with this number: (604) 396-4699
Postal mail
Regular mail can be a convenient and secure way to send us information. But it’s good to take certain precautions. For example, don’t include a return address, and send it from a post office or mailbox that you don’t normally use.
Also, some office printers add invisible watermarks to paper to trace the time and place of printing, so consider making photocopies of printouts in a print shop or sending a USB drive with screenshots. One thing to be aware of regarding postal mail is that, if you follow the above directions, we won’t have a means of contacting you with any follow up questions about what you send.
You can send us mail at this address:
Investigative Journalism Foundation
192 Spadina Ave.
Toronto, Ontario
M5T 2C2
Tips to maximize anonymity
The contact methods above come with different benefits and tradeoffs. To maximize anonymity, consider taking these extra steps:
- Don’t contact us from a work device or using work internet connection, even on your personal phone.
- Don’t look up theijf.org on your work computer or sign up to our newsletter with a work email.
- Don’t contact us on social media or engage with our posts.
- Consider the consequences of being traced to us via your personal email, phone number or social media accounts. Consider using throwaway accounts to reach us.
- If you have access to sensitive documents at work, can a leak be traced back to you? Would printing, downloading or transferring a file be logged? You may need to get creative. For example, Frances Haugen, the Facebook whistleblower, took pictures of thousands of pages of internal reports on her computer screen.
- Clean up traces of your whistleblowing activities, even on personal devices. Delete browsing histories, browser caches, and Signal/WhatsApp/SMS messages.
- Better yet, browse using incognito mode while using a VPN or an anonymous browser like Tor to ensure you’re not accidentally logged into other accounts and that your IP address isn’t logged.
- Don’t tell anyone else that you’re leaking sensitive information to the press. Even if you trust that person, it’s impossible to know when something might slip.
- If your risks are especially high, consider using a public wifi, such as those in cafes, libraries, or airports, to learn about tools like TailsOS and Tor Browser. TailsOS is an operating system that runs off a DVD or USB key and leaves no digital trace. You can use it to create a new Protonmail account to communicate with us.